Such exploitation was evident in a January attack by Kimsuky against a South Korean construction trade entity's website that lured employees into installing trojanized security software with a valid digital certificate.
Article Link: Malware deployed by North Korean hackers via VPN update exploit | SC Media